12 matches found
EUVD-2018-0782
Malware in sbrugna...
EUVD-2022-5308
Malicious code in bioql PyPI...
EUVD-2024-3452
Malicious code in bioql PyPI...
SQL Injection
Apache Superset is vulnerable to SQL Injection. The vulnerability is caused by improper handling of special elements used in SQL commands: certain engine-specific functions are not checked, allowing attackers to bypass SQL authorization...
Improper Access Control
derby is vulnerable to improper access control attacks. The vulnerability exists due to the lack of validation on privileges, allowing unauthorized users to drop schema in SQL authorization mode...
CVE-2014-0228
Apache Hive before 0.13.1, when in SQL standards based authorization mode, does not properly check the file permissions for (1) import and (2) export statements, which allows remote authenticated users to obtain sensitive information via a crafted URI...
CVE-2014-0228
CVE-2014-0228 affects Apache Hive 0.13.0 (prior to 0.13.1). In SQL standards based authorization mode, the directory permissions for URIs used in import/export statements are not properly checked, allowing remote authenticated users to access sensitive information via a crafted URI. Documented im...
openSUSE 10 Security Update : derby (derby-4091)
Apache Derby did not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode (CVE-2006-7217). This update also brings a new requirement of a Java 1.5 JRE. %NASLMINLEVE...
CVE-2006-7217
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...
CVE-2006-7217
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...
CVE-2006-7217
CVE-2006-7217 affects Apache Derby prior to 10.2.1.6. The vulnerability arises because the DropSchemaNode bind phase does not correctly enforce schema privilege requirements, allowing remote authenticated users to execute arbitrary DROP SCHEMA statements when SQL authorization mode is in effect. ...
CVE-2006-7217
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode...